// SPDX-License-Identifier: LGPL-2.1+ /* * Copyright (C) 2017 Red Hat, Inc. */ #include "nm-default.h" #include "nm-device-macsec.h" #include "nm-device-private.h" #include "nm-object-private.h" #include "nm-utils.h" /*****************************************************************************/ NM_GOBJECT_PROPERTIES_DEFINE_BASE ( PROP_PARENT, PROP_SCI, PROP_CIPHER_SUITE, PROP_ICV_LENGTH, PROP_WINDOW, PROP_ENCODING_SA, PROP_ENCRYPT, PROP_PROTECT, PROP_INCLUDE_SCI, PROP_ES, PROP_SCB, PROP_REPLAY_PROTECT, PROP_VALIDATION, ); typedef struct { NMLDBusPropertyO parent; char *validation; guint64 sci; guint64 cipher_suite; guint32 window; guint8 icv_length; guint8 encoding_sa; bool encrypt; bool protect; bool include_sci; bool es; bool scb; bool replay_protect; } NMDeviceMacsecPrivate; struct _NMDeviceMacsec { NMDevice parent; NMDeviceMacsecPrivate _priv; }; struct _NMDeviceMacsecClass { NMDeviceClass parent; }; G_DEFINE_TYPE (NMDeviceMacsec, nm_device_macsec, NM_TYPE_DEVICE) #define NM_DEVICE_MACSEC_GET_PRIVATE(self) _NM_GET_PRIVATE(self, NMDeviceMacsec, NM_IS_DEVICE_MACSEC, NMObject, NMDevice) /*****************************************************************************/ /** * nm_device_macsec_get_parent: * @device: a #NMDeviceMacsec * * Returns: (transfer none): the device's parent device * * Since: 1.6 **/ NMDevice * nm_device_macsec_get_parent (NMDeviceMacsec *device) { g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), NULL); return nml_dbus_property_o_get_obj (&NM_DEVICE_MACSEC_GET_PRIVATE (device)->parent); } /** * nm_device_macsec_get_hw_address: * @device: a #NMDeviceMacsec * * Gets the hardware (MAC) address of the #NMDeviceMacsec * * Returns: the hardware address. This is the internal string used by the * device, and must not be modified. * * Since: 1.6 * * Deprecated: 1.24: Use nm_device_get_hw_address() instead. **/ const char * nm_device_macsec_get_hw_address (NMDeviceMacsec *device) { g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), NULL); return nm_device_get_hw_address (NM_DEVICE (device)); } /** * nm_device_macsec_get_sci: * @device: a #NMDeviceMacsec * * Gets the Secure Channel Identifier in use * * Returns: the SCI * * Since: 1.6 **/ guint64 nm_device_macsec_get_sci (NMDeviceMacsec *device) { g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), 0); return NM_DEVICE_MACSEC_GET_PRIVATE (device)->sci; } /** * nm_device_macsec_get_icv_length: * @device: a #NMDeviceMacsec * * Gets the length of ICV (Integrity Check Value) * * Returns: the length of ICV * * Since: 1.6 **/ guint8 nm_device_macsec_get_icv_length (NMDeviceMacsec *device) { g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), 0); return NM_DEVICE_MACSEC_GET_PRIVATE (device)->icv_length; } /** * nm_device_macsec_get_cipher_suite: * @device: a #NMDeviceMacsec * * Gets the set of cryptographic algorithms in use * * Returns: the set of cryptographic algorithms in use * * Since: 1.6 **/ guint64 nm_device_macsec_get_cipher_suite (NMDeviceMacsec *device) { g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), 0); return NM_DEVICE_MACSEC_GET_PRIVATE (device)->cipher_suite; } /** * nm_device_macsec_get_window: * @device: a #NMDeviceMacsec * * Gets the size of the replay window * * Returns: size of the replay window * * Since: 1.6 **/ guint nm_device_macsec_get_window (NMDeviceMacsec *device) { g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), 0); return NM_DEVICE_MACSEC_GET_PRIVATE (device)->window; } /** * nm_device_macsec_get_encoding_sa: * @device: a #NMDeviceMacsec * * Gets the value of the Association Number (0..3) for the Security * Association in use. * * Returns: the current Security Association * * Since: 1.6 **/ guint8 nm_device_macsec_get_encoding_sa (NMDeviceMacsec *device) { g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), 0); return NM_DEVICE_MACSEC_GET_PRIVATE (device)->encoding_sa; } /** * nm_device_macsec_get_validation: * @device: a #NMDeviceMacsec * * Gets the validation mode for incoming packets (strict, check, * disabled) * * Returns: the validation mode * * Since: 1.6 **/ const char * nm_device_macsec_get_validation (NMDeviceMacsec *device) { g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), NULL); return NM_DEVICE_MACSEC_GET_PRIVATE (device)->validation; } /** * nm_device_macsec_get_encrypt: * @device: a #NMDeviceMacsec * * Gets whether encryption of transmitted frames is enabled * * Returns: whether encryption is enabled * * Since: 1.6 **/ gboolean nm_device_macsec_get_encrypt (NMDeviceMacsec *device) { g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE); return NM_DEVICE_MACSEC_GET_PRIVATE (device)->encrypt; } /** * nm_device_macsec_get_protect: * @device: a #NMDeviceMacsec * * Gets whether protection of transmitted frames is enabled * * Returns: whether protection is enabled * * Since: 1.6 **/ gboolean nm_device_macsec_get_protect (NMDeviceMacsec *device) { g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE); return NM_DEVICE_MACSEC_GET_PRIVATE (device)->protect; } /** * nm_device_macsec_get_include_sci: * @device: a #NMDeviceMacsec * * Gets whether the SCI is always included in SecTAG for transmitted * frames * * Returns: whether the SCI is always included * * Since: 1.6 **/ gboolean nm_device_macsec_get_include_sci (NMDeviceMacsec *device) { g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE); return NM_DEVICE_MACSEC_GET_PRIVATE (device)->include_sci; } /** * nm_device_macsec_get_es: * @device: a #NMDeviceMacsec * * Gets whether the ES (End station) bit is enabled in SecTAG for * transmitted frames * * Returns: whether the ES (End station) bit is enabled * * Since: 1.6 **/ gboolean nm_device_macsec_get_es (NMDeviceMacsec *device) { g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE); return NM_DEVICE_MACSEC_GET_PRIVATE (device)->es; } /** * nm_device_macsec_get_scb: * @device: a #NMDeviceMacsec * * Gets whether the SCB (Single Copy Broadcast) bit is enabled in * SecTAG for transmitted frames * * Returns: whether the SCB (Single Copy Broadcast) bit is enabled * * Since: 1.6 **/ gboolean nm_device_macsec_get_scb (NMDeviceMacsec *device) { g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE); return NM_DEVICE_MACSEC_GET_PRIVATE (device)->scb; } /** * nm_device_macsec_get_replay_protect: * @device: a #NMDeviceMacsec * * Gets whether replay protection is enabled * * Returns: whether replay protection is enabled * * Since: 1.6 **/ gboolean nm_device_macsec_get_replay_protect (NMDeviceMacsec *device) { g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE); return NM_DEVICE_MACSEC_GET_PRIVATE (device)->replay_protect; } /***********************************************************/ static void nm_device_macsec_init (NMDeviceMacsec *device) { } static void finalize (GObject *object) { NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE (object); g_free (priv->validation); G_OBJECT_CLASS (nm_device_macsec_parent_class)->finalize (object); } static void get_property (GObject *object, guint prop_id, GValue *value, GParamSpec *pspec) { NMDeviceMacsec *device = NM_DEVICE_MACSEC (object); switch (prop_id) { case PROP_PARENT: g_value_set_object (value, nm_device_macsec_get_parent (device)); break; case PROP_SCI: g_value_set_uint64 (value, nm_device_macsec_get_sci (device)); break; case PROP_ICV_LENGTH: g_value_set_uchar (value, nm_device_macsec_get_icv_length (device)); break; case PROP_CIPHER_SUITE: g_value_set_uint64 (value, nm_device_macsec_get_cipher_suite (device)); break; case PROP_WINDOW: g_value_set_uint (value, nm_device_macsec_get_window (device)); break; case PROP_ENCODING_SA: g_value_set_uchar (value, nm_device_macsec_get_encoding_sa (device)); break; case PROP_VALIDATION: g_value_set_string (value, nm_device_macsec_get_validation (device)); break; case PROP_ENCRYPT: g_value_set_boolean (value, nm_device_macsec_get_encrypt (device)); break; case PROP_PROTECT: g_value_set_boolean (value, nm_device_macsec_get_protect (device)); break; case PROP_INCLUDE_SCI: g_value_set_boolean (value, nm_device_macsec_get_include_sci (device)); break; case PROP_ES: g_value_set_boolean (value, nm_device_macsec_get_es (device)); break; case PROP_SCB: g_value_set_boolean (value, nm_device_macsec_get_scb (device)); break; case PROP_REPLAY_PROTECT: g_value_set_boolean (value, nm_device_macsec_get_replay_protect (device)); break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; } } const NMLDBusMetaIface _nml_dbus_meta_iface_nm_device_macsec = NML_DBUS_META_IFACE_INIT_PROP ( NM_DBUS_INTERFACE_DEVICE_MACSEC, nm_device_macsec_get_type, NML_DBUS_META_INTERFACE_PRIO_INSTANTIATE_HIGH, NML_DBUS_META_IFACE_DBUS_PROPERTIES ( NML_DBUS_META_PROPERTY_INIT_T ("CipherSuite", PROP_CIPHER_SUITE, NMDeviceMacsec, _priv.cipher_suite ), NML_DBUS_META_PROPERTY_INIT_Y ("EncodingSa", PROP_ENCODING_SA, NMDeviceMacsec, _priv.encoding_sa ), NML_DBUS_META_PROPERTY_INIT_B ("Encrypt", PROP_ENCRYPT, NMDeviceMacsec, _priv.encrypt ), NML_DBUS_META_PROPERTY_INIT_B ("Es", PROP_ES, NMDeviceMacsec, _priv.es ), NML_DBUS_META_PROPERTY_INIT_Y ("IcvLength", PROP_ICV_LENGTH, NMDeviceMacsec, _priv.icv_length ), NML_DBUS_META_PROPERTY_INIT_B ("IncludeSci", PROP_INCLUDE_SCI, NMDeviceMacsec, _priv.include_sci ), NML_DBUS_META_PROPERTY_INIT_O_PROP ("Parent", PROP_PARENT, NMDeviceMacsec, _priv.parent, nm_device_get_type ), NML_DBUS_META_PROPERTY_INIT_B ("Protect", PROP_PROTECT, NMDeviceMacsec, _priv.protect ), NML_DBUS_META_PROPERTY_INIT_B ("ReplayProtect", PROP_REPLAY_PROTECT, NMDeviceMacsec, _priv.replay_protect ), NML_DBUS_META_PROPERTY_INIT_B ("Scb", PROP_SCB, NMDeviceMacsec, _priv.scb ), NML_DBUS_META_PROPERTY_INIT_T ("Sci", PROP_SCI, NMDeviceMacsec, _priv.sci ), NML_DBUS_META_PROPERTY_INIT_S ("Validation", PROP_VALIDATION, NMDeviceMacsec, _priv.validation ), NML_DBUS_META_PROPERTY_INIT_U ("Window", PROP_WINDOW, NMDeviceMacsec, _priv.window ), ), ); static void nm_device_macsec_class_init (NMDeviceMacsecClass *klass) { GObjectClass *object_class = G_OBJECT_CLASS (klass); NMObjectClass *nm_object_class = NM_OBJECT_CLASS (klass); object_class->get_property = get_property; object_class->finalize = finalize; _NM_OBJECT_CLASS_INIT_PRIV_PTR_DIRECT (nm_object_class, NMDeviceMacsec); _NM_OBJECT_CLASS_INIT_PROPERTY_O_FIELDS_1 (nm_object_class, NMDeviceMacsecPrivate, parent); /** * NMDeviceMacsec:parent: * * The devices's parent device. * * Since: 1.6 **/ obj_properties[PROP_PARENT] = g_param_spec_object (NM_DEVICE_MACSEC_PARENT, "", "", NM_TYPE_DEVICE, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:sci: * * The Secure Channel Identifier in use. * * Since: 1.6 **/ obj_properties[PROP_SCI] = g_param_spec_uint64 (NM_DEVICE_MACSEC_SCI, "", "", 0, G_MAXUINT64, 0, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:icv-length: * * The length of ICV (Integrity Check Value). * * Since: 1.6 **/ obj_properties[PROP_ICV_LENGTH] = g_param_spec_uchar (NM_DEVICE_MACSEC_ICV_LENGTH, "", "", 0, G_MAXUINT8, 0, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:cipher-suite: * * The set of cryptographic algorithms in use. * * Since: 1.6 **/ obj_properties[PROP_CIPHER_SUITE] = g_param_spec_uint64 (NM_DEVICE_MACSEC_CIPHER_SUITE, "", "", 0, G_MAXUINT64, 0, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:window: * * The size of the replay window. * * Since: 1.6 **/ obj_properties[PROP_WINDOW] = g_param_spec_uint (NM_DEVICE_MACSEC_WINDOW, "", "", 0, G_MAXUINT32, 0, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:encoding-sa: * * The value of the Association Number (0..3) for the Security * Association in use. * * Since: 1.6 **/ obj_properties[PROP_ENCODING_SA] = g_param_spec_uchar (NM_DEVICE_MACSEC_ENCODING_SA, "", "", 0, G_MAXUINT8, 0, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:validation: * * The validation mode for incoming packets (strict, check, * disabled). * * Since: 1.6 **/ obj_properties[PROP_VALIDATION] = g_param_spec_string (NM_DEVICE_MACSEC_VALIDATION, "", "", NULL, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:encrypt: * * Whether encryption of transmitted frames is enabled. * * Since: 1.6 **/ obj_properties[PROP_ENCRYPT] = g_param_spec_boolean (NM_DEVICE_MACSEC_ENCRYPT, "", "", FALSE, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:protect: * * Whether protection of transmitted frames is enabled. * * Since: 1.6 **/ obj_properties[PROP_PROTECT] = g_param_spec_boolean (NM_DEVICE_MACSEC_PROTECT, "", "", FALSE, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:include-sci: * * Whether the SCI is always included in SecTAG for transmitted * frames. * * Since: 1.6 **/ obj_properties[PROP_INCLUDE_SCI] = g_param_spec_boolean (NM_DEVICE_MACSEC_INCLUDE_SCI, "", "", FALSE, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:es: * * Whether the ES (End station) bit is enabled in SecTAG for * transmitted frames. * * Since: 1.6 **/ obj_properties[PROP_ES] = g_param_spec_boolean (NM_DEVICE_MACSEC_ES, "", "", FALSE, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:scb: * * Whether the SCB (Single Copy Broadcast) bit is enabled in * SecTAG for transmitted frames. * * Since: 1.6 **/ obj_properties[PROP_SCB] = g_param_spec_boolean (NM_DEVICE_MACSEC_SCB, "", "", FALSE, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:replay-protect: * * Whether replay protection is enabled. * * Since: 1.6 **/ obj_properties[PROP_REPLAY_PROTECT] = g_param_spec_boolean (NM_DEVICE_MACSEC_REPLAY_PROTECT, "", "", FALSE, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); _nml_dbus_meta_class_init_with_properties (object_class, &_nml_dbus_meta_iface_nm_device_macsec); }